summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--interface-definitions/l2tp-server.xml40
-rwxr-xr-xsrc/conf_mode/accel_l2tp.py52
2 files changed, 91 insertions, 1 deletions
diff --git a/interface-definitions/l2tp-server.xml b/interface-definitions/l2tp-server.xml
index d5b6a921b..721913dfe 100644
--- a/interface-definitions/l2tp-server.xml
+++ b/interface-definitions/l2tp-server.xml
@@ -67,6 +67,19 @@
</leafNode>
</children>
</node>
+ <leafNode name="dnsv6-servers">
+ <properties>
+ <help>IPv6 Domain Name Service (DNS) server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 DNS address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi />
+ </properties>
+ </leafNode>
<node name="lns">
<properties>
<help>L2TP Network Server (LNS)</help>
@@ -255,6 +268,33 @@
</leafNode>
</children>
</node>
+ <node name="client-ipv6-pool">
+ <properties>
+ <help>Pool of client IPv6 addresses</help>
+ </properties>
+ <children>
+ <leafNode name="prefix">
+ <properties>
+ <help>IPV6 prefix delegation</help>
+ <valueHelp>
+ <format>ipv6prefix/mask,prefix_len</format>
+ <description>e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients</description>
+ </valueHelp>
+ <multi />
+ </properties>
+ </leafNode>
+ <leafNode name="delegate-prefix">
+ <properties>
+ <help>DHCPv6 prefix delegation - rfc3633</help>
+ <valueHelp>
+ <format>ipv6prefix/mask,prefix_len</format>
+ <description>Delegate to clients through DHCPv6 prefix delegation - rfc3633</description>
+ </valueHelp>
+ <multi />
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<leafNode name="description">
<properties>
<help>Description for L2TP remote-access settings</help>
diff --git a/src/conf_mode/accel_l2tp.py b/src/conf_mode/accel_l2tp.py
index 3a224974e..3af8b7958 100755
--- a/src/conf_mode/accel_l2tp.py
+++ b/src/conf_mode/accel_l2tp.py
@@ -53,6 +53,9 @@ radius
{% endif -%}
ippool
shaper
+ipv6pool
+ipv6_nd
+ipv6_dhcp
[core]
thread-count={{thread_cnt}}
@@ -72,6 +75,13 @@ dns2={{dns[1]}}
{% endif %}
{% endif -%}
+{% if dnsv6 %}
+[ipv6-dns]
+{% for srv in dnsv6: %}
+{{srv}}
+{% endfor %}
+{% endif %}
+
{% if wins %}
[wins]
{% if wins[0] %}
@@ -127,6 +137,9 @@ lcp-echo-interval=30
{% if ccp_disable %}
ccp=0
{% endif %}
+{% if client_ipv6_pool %}
+ipv6=allow
+{% endif %}
{% if authentication['mode'] == 'radius' %}
[radius]
@@ -159,6 +172,21 @@ gw-ip-address={{outside_nexthop}}
verbose=1
{% endif -%}
+{% if client_ipv6_pool %}
+[ipv6-pool]
+{% for prfx in client_ipv6_pool.prefix: %}
+{{prfx}}
+{% endfor %}
+{% for prfx in client_ipv6_pool.delegate_prefix: %}
+delegate={{prfx}}
+{% endfor %}
+{% endif %}
+
+{% if client_ipv6_pool['delegate_prefix'] %}
+[ipv6-dhcp]
+verbose=1
+{% endif %}
+
{% if authentication['radiusopt']['shaper'] %}
[shaper]
verbose=1
@@ -170,6 +198,7 @@ vendor={{authentication['radiusopt']['shaper']['vendor']}}
[cli]
tcp=127.0.0.1:2004
+sessions-columns=ifname,username,calling-sid,ip,{{ip6_column}}{{ip6_dp_column}}rate-limit,type,comp,state,rx-bytes,tx-bytes,uptime
'''
@@ -250,10 +279,14 @@ def get_config():
'outside_addr' : '',
'outside_nexthop' : '',
'dns' : [],
+ 'dnsv6' : [],
'wins' : [],
'client_ip_pool' : None,
'client_ip_subnets' : [],
- 'mtu' : '1436',
+ 'client_ipv6_pool' : {},
+ 'mtu' : '1436',
+ 'ip6_column' : '',
+ 'ip6_dp_column' : '',
}
### general options ###
@@ -262,6 +295,9 @@ def get_config():
config_data['dns'].append( c.return_value('dns-servers server-1'))
if c.exists('dns-servers server-2'):
config_data['dns'].append( c.return_value('dns-servers server-2'))
+ if c.exists('dnsv6-servers'):
+ for dns6_server in c.return_values('dnsv6-servers'):
+ config_data['dnsv6'].append(dns6_server)
if c.exists('wins-servers server-1'):
config_data['wins'].append( c.return_value('wins-servers server-1'))
if c.exists('wins-servers server-2'):
@@ -369,6 +405,13 @@ def get_config():
if c.exists('client-ip-pool subnet'):
config_data['client_ip_subnets'] = c.return_values('client-ip-pool subnet')
+ if c.exists('client-ipv6-pool prefix'):
+ config_data['client_ipv6_pool']['prefix'] = c.return_values('client-ipv6-pool prefix')
+ config_data['ip6_column'] = 'ip6,'
+ if c.exists('client-ipv6-pool delegate-prefix'):
+ config_data['client_ipv6_pool']['delegate_prefix'] = c.return_values('client-ipv6-pool delegate-prefix')
+ config_data['ip6_dp_column'] = 'ip6-dp,'
+
if c.exists('mtu'):
config_data['mtu'] = c.return_value('mtu')
@@ -424,6 +467,13 @@ def verify(c):
#raise ConfigError('set vpn l2tp remote-access outside-nexthop required')
print ("WARMING: set vpn l2tp remote-access outside-nexthop required")
+ ## check ipv6
+ if 'delegate_prefix' in c['client_ipv6_pool'] and not 'prefix' in c['client_ipv6_pool']:
+ raise ConfigError("\"set vpn l2tp remote-access client-ipv6-pool prefix\" required for delegate-prefix ")
+
+ if len(c['dnsv6']) > 3:
+ raise ConfigError("Maximum allowed dnsv6-servers addresses is 3")
+
def generate(c):
if c == None:
return None